Link to home
Start Free TrialLog in
Avatar of nextech01
nextech01Flag for United States of America

asked on

Security EventID 676

Currently the eventlogs on our Win2k SP4 server has a number of security logs in the middle of the night and they are referenceing eventID 676 with the info below.

Authentication Ticket Request Failed:
       User Name:      barbara
       Supplied Realm Name:      FNBHAYS.COM
       Service Name:      krbtgt/FNBHAYS.COM
       Ticket Options:      0x40810010
       Failure Code:      0x12
       Client Address:      172.16.1.210

The usernames vary and sometimes are blank. Logins are disable from 7pm to 7am and there is nobody present on-site etc.

Any insight would be appreciated on what may be happening
ASKER CERTIFIED SOLUTION
Avatar of tonyteri
tonyteri
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of nextech01
nextech01
Flag of United States of America image

ASKER

I would agree that  it is a failed user logon but when this is happening there is no one on-site because it happens in the middle of the night a lot of times, I have included another bit from one of the logged events;

Service Ticket Request Failed:
       User Name:      FNBPDC$
       User Domain:      FNBHAYS.COM
       Service Name:      krbtgt/FNBHAYS.COM
       Ticket Options:      0x2
       Failure Code:      0x20
       Client Address:      127.0.0.1

In this case the server name is FNBHAYS and happened at 5:17am and what is confusing is the username FNBPDC$ which may be a service but it is occuring on this server named FNBPDC.

Thanks